Switch Native VLAN

I need an expert to clear up the confusion about the native VLAN.
In some articles it says the native VLAN carries untagged traffic; by default VLAN 1 is the native VLAN, and it can be changed.
Trunks carry tagged traffic.

So let's say I connect 2 switches and trunk them from one port to another,
and create VLAN 2 and VLAN 3 on both switches. Does that mean traffic on native VLAN 1 will still go through the trunk as untagged, even when the trunk carries only tagged traffic?

any clarifications?

Thank you
jskfan Asked:
Don Johnston (Instructor) Commented:
"I need an expert to clear up the confusion about the native VLAN.
In some articles it says the native VLAN carries untagged traffic; by default VLAN 1 is the native VLAN, and it can be changed.
Trunks carry tagged traffic."
This is correct.
"So let's say I connect 2 switches and trunk them from one port to another, and create VLAN 2 and VLAN 3 on both switches. Does that mean traffic on native VLAN 1 will still go through the trunk as untagged, even when the trunk carries only tagged traffic?"
This is also correct. But I think you're under the impression that "trunks carry tagged traffic" is an absolute. Trunks carry multiple (more than one) VLANs. One of those VLANs will be carried over that trunk as untagged. This is the native VLAN. All other VLANs carried over that trunk will be tagged.

NetExpert Network Solutions Pte Ltd (Technical Specialist) Commented:
When a switch passes VLAN traffic to another switch, the source switch adds a tag value to those VLANs based on the trunk protocol (dot1q or ISL).

If for some reason the trunk port goes static or stops working, you will still have access to the switch by using VLAN 1, because VLAN 1 traffic is never tagged by the trunking protocol and that's the default native VLAN.

You can even choose your own management VLAN to be the native VLAN. It's not that other VLANs can't be the native VLAN.
LB1234 Commented:
What really clarified this for me was thinking about the occasions when switches need to talk to one another, let's say for telnet, or passing other types of discovery-related information between themselves. They need a place where all that traffic can be received between them, and since a trunk port is the only thing linking them, it also has to flow over that. So switches need to talk to each other at times (for which there's the native VLAN), but they also have to send traffic for their attached devices. Don't get me wrong, the native VLAN isn't ONLY for communications between switches, and certainly PCs can be a part of that VLAN as well, but the native VLAN is the designated VLAN for comms between switches.
Don Johnston (Instructor) Commented:
"the native VLAN is the designated VLAN for comms between switches."
Actually, it isn't. I think you are referring to (what most people call) the management VLAN. And it has nothing to do with the native VLAN. The native VLAN is nothing more than a single VLAN on a trunk whose frames are not tagged. That's it. No more, no less.

The original intent of the native VLAN was to allow legacy devices (which were located between two trunking switches) to be able to communicate. That ability is not really needed anymore so the whole native VLAN thing is just a carryover from the old days.

To further confuse the issue, many vendors now allow even the native VLAN to be tagged. Which is a bit of an oxymoron since the native VLAN is the only VLAN which is not tagged so by tagging it, it's not really "native" anymore.
mikebernhardt Commented:
In addition to Don's comments, which I agree with, I would like to add that there is no need to even carry the native VLAN on the trunk. For example, on a Cisco switch at least, you can limit the VLANs to be permitted with (for your situation)
switchport trunk allowed vlan 2,3

This permits VLANs 2 and 3 across, but blocks VLAN 1 along with all other VLANs. And everything will work perfectly.

Incidentally, not only is it NOT required that you use VLAN 1 for management; best practice recommends AGAINST it, for the exact reason that it is untagged and therefore less secure.
Don Johnston (Instructor) Commented:
In addition to Mike's comments, which I agree with... ;-)

Best practices also recommends not using the native VLAN for any traffic at all.  Meaning specify a native VLAN that isn't used for anything.

Personally, I create VLAN 666 just for use as the native VLAN. :-D
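Mike's `switchport trunk allowed vlan 2,3` and Don's unused native VLAN above are the kind of thing worth checking mechanically across a fleet. The following is an added example written for this page, not code from any poster: a small Python audit that reads a Cisco IOS-style running-config and, for every trunk port, flags a native VLAN still at the default of VLAN 1, a native VLAN that is in the allowed list (so untagged frames are actually forwarded), and a native VLAN that goes untagged because the global `vlan dot1q tag native` is absent. The two configs are constructed samples; the command syntax follows Cisco IOS, while the finding names and interface names are my own.

```python
ALL_VLANS = frozenset(range(1, 4095))  # Cisco default allowed list is every VLAN

# Constructed sample running-config (not from any poster): three trunks, one access port.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 description uplink to sw2, native VLAN left at the default
 switchport mode trunk
 switchport trunk allowed vlan 2,3
!
interface GigabitEthernet0/2
 description uplink to sw3, unused native VLAN as Don suggests
 switchport mode trunk
 switchport trunk native vlan 666
 switchport trunk allowed vlan 2,3
!
interface GigabitEthernet0/3
 description trunk with all defaults
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 2
!
"""

# Constructed sample of the hardened form: unused, tagged native VLAN, explicit allowed list.
HARDENED_CONFIG = """\
vlan dot1q tag native
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 666
 switchport trunk allowed vlan 2,3
!
"""

def parse_vlan_list(spec):
    """'2,3,10-12' -> {2, 3, 10, 11, 12}"""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans

def parse_config(text):
    """Return (global_tag_native, {interface: {'mode', 'native', 'allowed'}})."""
    tag_native, ifaces, cur = False, {}, None
    for raw in text.splitlines():
        if not raw.startswith(" "):              # top-level command ends any interface block
            cur = None
            if raw.startswith("interface "):
                cur = raw.split(None, 1)[1]
                # Cisco defaults: native VLAN 1, all VLANs allowed
                ifaces[cur] = {"mode": None, "native": 1, "allowed": set(ALL_VLANS)}
            elif raw.strip() == "vlan dot1q tag native":
                tag_native = True
            continue
        if cur is None:
            continue
        cmd = raw.strip().split()
        entry = ifaces[cur]
        if cmd[:2] == ["switchport", "mode"]:
            entry["mode"] = cmd[2]
        elif cmd[:4] == ["switchport", "trunk", "native", "vlan"]:
            entry["native"] = int(cmd[4])
        elif cmd[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            kw, arg = cmd[4], (cmd[5] if len(cmd) > 5 else "")
            if kw == "all":
                entry["allowed"] = set(ALL_VLANS)
            elif kw == "none":
                entry["allowed"] = set()
            elif kw == "add":
                entry["allowed"] |= parse_vlan_list(arg)
            elif kw == "remove":
                entry["allowed"] -= parse_vlan_list(arg)
            elif kw == "except":
                entry["allowed"] = set(ALL_VLANS) - parse_vlan_list(arg)
            else:
                entry["allowed"] = parse_vlan_list(kw)
    return tag_native, ifaces

def audit_trunks(text):
    """Map each trunk interface to a list of findings; an empty list means clean."""
    tag_native, ifaces = parse_config(text)
    report = {}
    for name, cfg in ifaces.items():
        if cfg["mode"] != "trunk":
            continue
        findings = []
        if cfg["native"] == 1:
            findings.append("native-is-vlan1")       # Mike/Don: never use VLAN 1 for anything
        if cfg["native"] in cfg["allowed"]:
            findings.append("native-vlan-carried")   # untagged frames are forwarded, not dropped
        if not tag_native:
            findings.append("native-untagged")       # no 'vlan dot1q tag native'
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_trunks(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Run against the first sample, GigabitEthernet0/1 is flagged only for the default native VLAN 1 being untagged (Mike's allowed list already keeps it off the wire), GigabitEthernet0/3 trips all three checks, and the hardened config reports nothing. Note that the parser only handles the `switchport trunk allowed vlan` keywords listed in the code; a real audit would also check that the chosen native VLAN exists in the VLAN database.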
LB1234 Commented:
I got this: "For 802.1Q tagged interfaces, Cisco uses untagged frames to carry various admin protocols between the switches, e.g. CDP, DTP." I wasn't talking about a management VLAN, for which there is an IP address, and which is for remote access by an administrator. I'm talking about discovery traffic, CDP, etc.
Don Johnston (Instructor) Commented:
"I got this: 'For 802.1Q tagged interfaces, Cisco uses untagged frames to carry various admin protocols between the switches, e.g. CDP, DTP.'"
Yeah... sadly there's a lot of bad and wrong information out there.

CDP, DTP, etc. is always carried over VLAN 1.  Which is the native VLAN by default (and therefore untagged). So maybe that's what they were trying to say.

But there is nothing that prevents tagging VLAN1 (which you should always do anyway).
mikebernhardt Commented:
And I agree with Don's comment about my comment; I meant to say the same: never use VLAN 1 for anything at all. I don't generally change the native VLAN, I just don't use it or pass it.

My experience is that CDP is carried over some other VLAN if VLAN 1 isn't there. I NEVER allow VLAN 1 on trunks and have no problem with CDP.
Don Johnston (Instructor) Commented:
Here's an interesting tidbit.  You can remove VLAN 1 from a trunk.  And no user traffic in VLAN 1 will pass over that trunk.  

But CDP, DTP, LACP, etc. will still be in VLAN 1 and will still pass over the trunk (even though VLAN 1 has been removed from the trunk).

Picked that up from a Cisco programmer a while back.
LB1234 Commented:
Man, this is really weird, because even Jeremy Cioara at CBT Nuggets said that traffic between switches happens on the native VLAN.
Don Johnston (Instructor) Commented:
Like I said, there's a lot of incorrect, wrong, bad information out there. It's not (always) intentional.
LB1234 Commented:
Don, I defer to your facts on this.  You're right.  I found several sources that back up your statements.  And yes there's a fair amount of inaccurate information on this!  Sorry OP!
jskfan (Author) Commented:
Let me see if I got it:

Trunk can carry both Tagged and untagged traffic(from native vlan).
So What's the purpose of tagging or untagging the traffic ?
Don Johnston (Instructor) Commented:
Tagging allows the switches to identify which VLAN the frames are in.

And only one VLAN can be untagged on a trunk.  The purpose of being able to do this was to allow backwards compatibility with devices that didn't understand the whole tagging concept back when 802.1q was ratified back in 1998.
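Don's two points, that the tag is how the receiving switch learns a frame's VLAN and that exactly one VLAN on a trunk travels untagged (his accepted answer earlier in the thread, and his reply just above), can be seen directly in the frame bytes. Below is an added Python example, not code from the page or from any poster. It builds constructed Ethernet frames with and without an 802.1Q tag and models how a trunk port classifies them on the way in and out: a tagged frame goes to the VLAN in its tag, an untagged or priority-tagged (VID 0) frame goes to the trunk's native VLAN, and either is dropped if that VLAN is not in the allowed list, which is Mike's `allowed vlan 2,3` case. Two assumptions are marked in the code: with native-VLAN tagging turned on, the model drops untagged data frames on ingress, which is how Cisco IOS documents `vlan dot1q tag native` (other platforms differ), and frames to the CDP/DTP and LACP multicast addresses are punted to the control plane before any VLAN check, following Don's earlier comment that those protocols pass even when VLAN 1 is removed from the trunk.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (QinQ); parsed as a tag as well

# Assumption (after Don's comment on CDP/DTP/LACP): frames to these multicast
# MACs are switch-to-switch control traffic and bypass the VLAN checks.
CONTROL_DST = {
    bytes.fromhex("01000ccccccc"),  # Cisco CDP/DTP/VTP
    bytes.fromhex("0180c2000002"),  # IEEE slow protocols (LACP)
}

def build_frame(dst, src, payload, vlan=None, pcp=0, ethertype=0x0800):
    """Constructed Ethernet II frame; one 802.1Q tag is added if vlan is given.
    vlan=0 yields a priority-tagged frame (PCP set, no VLAN ID)."""
    hdr = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_tags(frame):
    """Return ([(tpid, vid), ...] outermost first, offset of the payload ethertype)."""
    tags, off = [], 12
    while off + 4 <= len(frame):
        tpid = struct.unpack_from("!H", frame, off)[0]
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((tpid, tci & 0x0FFF))
        off += 4
    return tags, off

def classify_ingress(frame, native_vlan, allowed_vlans, tag_native=False):
    """Model of a trunk port receiving `frame`. Returns (vlan, action)."""
    tags, _ = parse_tags(frame)
    if frame[:6] in CONTROL_DST and not tags:
        return None, "punt"  # control plane; the allowed list does not apply
    if not tags or tags[0][1] == 0:
        # Untagged or priority-tagged: nothing in the frame names a VLAN, so the
        # port's native VLAN setting is the only thing that decides.
        if tag_native:
            # Assumption: Cisco 'vlan dot1q tag native' drops untagged data on ingress
            return native_vlan, "drop"
        vlan = native_vlan
    else:
        vlan = tags[0][1]  # the tag identifies the VLAN; outermost tag wins
    if vlan not in allowed_vlans:
        return vlan, "drop"
    return vlan, "forward"

def classify_egress(vlan, native_vlan, allowed_vlans, tag_native=False):
    """How a frame in `vlan` leaves the trunk: 'untagged', 'tagged' or 'drop'."""
    if vlan not in allowed_vlans:
        return "drop"
    if vlan == native_vlan and not tag_native:
        return "untagged"  # the one VLAN on the trunk that carries no tag
    return "tagged"

if __name__ == "__main__":
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455")
    pad = b"\x00" * 46
    trunk = dict(native_vlan=1, allowed_vlans={1, 2, 3})
    for label, f in [("untagged", build_frame(dst, src, pad)),
                     ("vlan 2", build_frame(dst, src, pad, vlan=2)),
                     ("vlan 5", build_frame(dst, src, pad, vlan=5))]:
        print(label, classify_ingress(f, **trunk))
    print("native VLAN on the wire:", classify_egress(1, 1, {1, 2, 3}))
```

With the allowed list cut to `{2, 3}` the untagged frame is dropped even though it "belongs" to VLAN 1, which is the effect Mike described; with `tag_native=True` the native VLAN's frames leave tagged like every other VLAN, which is the "tagged native" configuration Don calls a bit of an oxymoron.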
jskfan (Author) Commented:
Ok, so if a switch has 24 ports. I can configure one port as a trunk, and the rest of the ports in other Vlans.
No Native vlan at all. Would this still be working ok with no issues ?
NetExpert Network Solutions Pte Ltd (Technical Specialist) Commented:
"No native VLAN at all. Would this still be working OK with no issues?" -- Yes. It will work without any issues.

Native VLAN is a logical concept and by default vlan 1 will be acting as native vlan and you can use the same native vlan for other purposes too ( example management vlan, server vlan etc)
Don Johnston (Instructor) Commented:
No Native vlan at all. Would this still be working ok with no issues ?
Depending on the switch platform and OS version, you might not be able to.  For example, I don't think the Cisco 2950 has the command to tag the native VLAN.  

But if the switch allows you to tag the native VLAN, then yes, it will work fine.
jskfan (Author) Commented:
I meant if even deleting Vlan1 ...No Native Vlan at all on the switches...
The switches will still be able to communicate and carry CDP,etc...traffic ?
NetExpert Network Solutions Pte Ltd (Technical Specialist) Commented:
Since it's the default in the switch, you can't delete VLAN 1 from the switch.

If you disable VLAN 1, you must choose any one of the other VLANs to be the native VLAN.
Don Johnston (Instructor) Commented:
The trunks will always carry that type of traffic. It doesn't matter what you do with respect to tagging, native VLANs, etc.
jskfan (Author) Commented:
So a switch can not survive with no native VLAN on it, it has to have one... if you try to disable native VLAN 1, it will not let you do so until you create another native VLAN?
Don Johnston (Instructor) Commented:
"So a switch can not survive with no native VLAN on it, it has to have one... if you try to disable native VLAN 1, it will not let you do so until you create another native VLAN?"
First, the native VLAN is not specific to the switch. It is specific to the trunk. In other words, a switch that has 12 trunk links could have 12 different native VLANs. It would be a very confusing setup, but it could be done.
Second, your phrase "native VLAN 1" is two separate concepts.  There is "native VLAN" and there's "VLAN 1".  

You can NOT delete VLAN 1. Period.  No exceptions. You also can't rename it. VLAN 1 is always named "default".  

The native VLAN has to be defined for a particular trunk. But it can be any VLAN you want.
jskfan (Author) Commented:
I will come back on this later
Thank you